Which information should be maintained about service providers under 12.8.5?

Study for the PCI Data Security Standard Exam. Master your knowledge with interactive flashcards and multiple-choice questions, each with hints and explanations. Prepare confidently for your certification test!

Multiple Choice

Which information should be maintained about service providers under 12.8.5?

Explanation:
Responsibility allocation for PCI DSS controls is what this item tests. When you rely on a service provider, you must clearly document which PCI DSS requirements are handled by the provider and which remain under your organization’s control. This clarity is essential for accountability, contract terms, and ongoing oversight, and it helps ensure there are no gaps where a control might be assumed to be covered by the other party. While practical details like contact information or language in the contract can be helpful, they do not establish the critical division of duties that 12.8.5 requires.

